The research team used a variety of XML-based signature-wrapped attacks to gain administrative access of customer accounts, then created new instances of the customer's cloud. They also used cross-site scripting attacks against open source private-cloud framework Eucalyptus, and said the Amazon service was susceptible to cross-site scripting attacks, too. To its credit, Amazon is paying close attention to this research and has worked to correct problems.

Separately, consultancy CDW posted a blog item about an alleged vulnerability in Facebook that would allow a hacker to send a potentially malicious file to anyone on Facebook. Facebook downplayed the risk.

Well, maybe all this interest in Facebook is due to the countdown to Nov. 5, the day celebrated as Guy Fawkes Day in England, which is the day on which the shadowy hacker group Anonymous last August said it would "destroy" Facebook. Yes, completely destroy. And that's next Saturday ...

Security-event management

Last week IBM officially completely its acquisition of Q1 Labs, and the IBM Security Systems Division is making it clear that the Q1 security information and event management (SIEM) technology will be the centerpiece for IBM security products going forward. The goal is to extend SIEM, which traditionally aggregated and correlated real-time data from security devices such as firewalls and intrusion-detection systems, in several ways, such as combining it with identity management data, as well as business intelligence analytics.

The evolving role of SIEM came up when discussing with the chief security officer at Zions Bancorporation how the multibillion-dollar bank-holding company is adopting the data security warehouse approach. In this arrangement, the SIEM becomes another feed into a massive repository for analytics that can also take in business intelligence. This is all fairly new, but it suggests SIEM, one of the more important technologies advanced over the past half-decade for security, is not standing still.

China in the news, again and again

Last Thursday, The New York Times, The Wall Street Journal and Bloomberg all ran articles highly critical of China on security and human rights grounds, and each article took up a different topic related to information technology.

There was everything from accusations about Chinese hackers trying to hack U.S. satellites, to China out to set up an "Internet management system" to strictly control social-networking and messaging, to Chinese firm Huawei Technologies setting up a surveillance-monitoring system for the Iranian government through the Iranian cellular-telephone system.

Two weeks ago, Chinese-based company Huawei was complaining about getting the cold shoulder for U.S. federal contracts related to an emergency response system.

There are a lot of political nuances that are coming to the fore and information technology, at least on the part of the U.S., is not seen as something that can necessarily be separated from geopolitical security and human rights.

Last week as well, Richard Clarke, former cybersecurity adviser and now CEO and consultant at Good Harbor Consulting, spoke plainly when he said in his discussion of cyberattacks, "Frankly, the government of China is involved in hacking into American companies and taking that information and giving it to Chinese companies. It means our intellectual property is going out the door in petabytes and terabytes."

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.